CNNVD-202602-766 Information
Feb 04, 2026
cve
CNNVD ID
CNNVD-202602-766
Related CVE
- CNNVD Published: 2026-02-04
Description (Chinese)
AutoGPT是AutoGPT开源的一个工具。用于让每个人都能使用和构建可访问的AI。 AutoGPT autogpt-platform-beta-v0.6.34之前版本存在代码问题漏洞,该漏洞源于SendDiscordFileBlock中直接使用第三方库aiohttp.ClientSession().get访问URL但未过滤输入URL,可能导致服务端请求伪造。
Description (English)
AutoGPT is a tool to open AutoGPT. Use this to make it possible for everyone to use and build accessable AI. The pre-AutoGPT autogpt-platform-beta-v0.6.34 version has a code problem loophole, which stems from the direct use of the third-party library at aio http.Clitsession().get access to URL without filtering URLs, which may result in the forgery of service requests.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
AutoGPT
Published
2026-02-04
Last Modified
2026-02-24
References
https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-ggc4-4fmm-9hmc
Patch
https://github.com/Significant-Gravitas/AutoGPT/releases
Share on: